Parse external request id from request headers, and print it in access log

[sillyguodong]

Close: #22890.

---

Configure in .ini file:

[log]
REQUEST_ID_HEADERS = X-Request-ID, X-Trace-Id

Params in Request Header

X-Trace-ID: trace-id-1q2w3e4r

Log output:

[wxiaoguang]

Maybe these headers could be added to access log, but not the routing log. Although in most cases you see the routing logs and treat them as access logs, but the routing logs are mainly for debug purpose, and are always subjected to be changed.

[sillyguodong]

Maybe these headers could be added to access log, but not the routing log. Although in most cases you see the routing logs and treat them as access logs, but the routing logs are mainly for debug purpose, and are always subjected to be changed.

I think you're right. i will put it into access log. thank you for your suggestion!

[sillyguodong]

Now, if user specify the location of the RequestID in ACCESS_LOG_TEMPLATE like this:

We can see it in access.log:

[zeripath]

linting is failing I'm afraid

[sillyguodong]

linting is failing I'm afraid

It should be ok now.

[pboguslawski]

BTW: chi router uses value from X-Request-ID request header as request ID instead of own generated request ID.

[sillyguodong]

BTW: chi router uses value from X-Request-ID request header as request ID instead of own generated request ID.

hi.
i don't find it that we use RequestID middleware in gitea's web router.
So, i think it won't be conflict?

[pboguslawski]

So, i think it won't be conflict?

Agree. Just pointed to chi solution in case gitea will need reqid in the future in other places also not just for logging (passing reqid with context sounds good).

[techknowlogick]

Thanks for this PR :)

I wonder if it should only accept overrides from the trusted reverse proxy setting to prevent an end user being able to set the request ID (same protections we have in place for accepting forwarded IPs)

[pboguslawski]

I wonder if it should only accept overrides from the trusted reverse proxy

Fetching reqid from header should be disabled by default and enabled only if admin knows what they are doing. Don't know giteas forwarded IPs protections and if they are suitable here.

[wolfogre]

... to prevent an end user being able to set the request ID ...

That's incorrect, unlike X-Forwarded-For, X-Request-ID is designed for an end user, they should be able to set it and use it to trace requests. It doesn't make sense if the ID has been overrided by reverse proxy.

However, you reminded me, we should have some protection, maybe length limitation is enough, to prevent printing a huge request id in log.

[sillyguodong]

now, if length of X-Request-ID (or other header) is more than 256 bits, the id will be printed like this:

[pboguslawski]

now, if length of X-Request-ID (or other header) is more than 256 bits, the id will be printed like this

Consider limiting to 36 or 40 bytes for UUID not to be truncated in logs.

[pboguslawski]

It doesn't make sense if the ID has been overrided by reverse proxy

It makes sense if someone wants to trace request flow between many internal systems and sets such header on front proxy (replacing any value provided by client).

[wolfogre]

It doesn't make sense if the ID has been overrided by reverse proxy

It makes sense if someone wants to trace request flow between many internal systems and sets such header on front proxy (replacing any value provided by client).

I understand, as you said, "only if admin knows what they are doing".

[wxiaoguang]

Fetching reqid from header should be disabled by default

It doesn't make sense if the ID has been overrided by reverse proxy

It makes sense if someone wants to trace request flow between many internal systems and sets such header on front proxy (replacing any value provided by client).

In this case, the header is always set by the front proxy, still no need to disable it if it doesn't come from "trusted-ip".

IMO this request header is just like host oruser-agent, it could just be passed as it is, and it can be set by reverse proxies, since it's not related to security logic (that's different from X-Real-Ip)

enabled only if admin knows what they are doing.

Admins could just use access logs without the RequestID field if they do not want to see or trust the RequestID.

At least, this header shouldn't be mixed with trusted reverse proxy which is dedicated for X-Real-Ip related headers.

[lafriks]

What about X-Correlation-Id and Correlation-Id?

[wxiaoguang]

Oh wait, the + should be +. There is no HTML, do not use HTML entity.

(And below, many +)

[sillyguodong]

emmm...
It seems that template.Execute() escapes the + to the HTML entity.
I will try to fix it

[sillyguodong]

Oh wait, the + should be +. There is no HTML, do not use HTML entity.

(And below, many +)

I solved the problem.
Use "text/template" instead of "html/template" and no escaping will occur~
But this PR have been passed, do I keep pushing on my own branch？

[wxiaoguang]

Sorry, I don't understand why you need text/template or html/template. Aren't these just some comments? Feel free to ignore my comment if that's done by purpose.

[sillyguodong]

In the image, upper part is the output of "html/template", + is indeed escaped.
The comment in app.example.ini was copied from access.log directly. But I did not find this problem at the time.

[sillyguodong]

This may be a previous bug? Need to create a new PR?

gitea/modules/context/access_log.go

Line 9 in 36d1d5f

"html/template"

gitea/modules/context/access_log.go

Line 30 in 36d1d5f

logTemplate, _ := template.New("log").Parse(setting.Log.AccessLogTemplate)

gitea/modules/context/access_log.go

Line 41 in 36d1d5f

err := logTemplate.Execute(buf, routerLoggerOptions{

[wxiaoguang]

The bug was introduced by #14475 . Before, it used text/template as my expectation. But #14475 used the incorrect html/template ...... since then, nobody ever found this bug because the logger is rarely used .....

[wxiaoguang]

This may be a previous bug? Need to create a new PR?

It depends. If I was the PR author, I would fix the bug together to save maintainer's time.

[sillyguodong]

okey, I get it~thx

[lunny]

@sillyguodong Could you also merge #23013 into this PR?

[sillyguodong]

What about X-Correlation-Id and Correlation-Id?

Hi, you can configure it in app.ini file like this:
REQUEST_ID_HEADERS = X-Correlation-Id
The key of the specific request header can be fully customized...

[wxiaoguang]

The + should be fixed.

[codecov-commenter]

Codecov Report

Merging #22906 (29283b1) into main (e6df743) will decrease coverage by 0.03%.
The diff coverage is 5.88%.

❗ Current head 29283b1 differs from pull request most recent head b387a1e. Consider uploading reports for the commit b387a1e to get more accurate results

📣 This organization is not using Codecov’s GitHub App Integration. We recommend you install it so Codecov can continue to function properly for your repositories. Learn more

@@            Coverage Diff             @@
##             main   #22906      +/-   ##
==========================================
- Coverage   47.61%   47.58%   -0.03%     
==========================================
  Files        1147     1147              
  Lines      151196   151213      +17     
==========================================
- Hits        71985    71950      -35     
- Misses      70700    70761      +61     
+ Partials     8511     8502       -9     

Impacted Files	Coverage Δ
modules/context/access_log.go	0.00% <0.00%> (ø)
modules/setting/log.go	58.42% <100.00%> (+0.15%)	⬆️

... and 11 files with indirect coverage changes

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

[jolheiser]

🎺 🤖